Connect and disconnect a nbd device repeatedly, will cause
NULL pointer fault.
It will appear by the steps:
1. Connect the nbd device and disconnect it, but now nbd device
is not disconnected totally.
2. Connect the same nbd device again immediately, it will fail
in nbd_start_device with a EBUSY return value.
3. Wait a second to make sure the last config_refs is reduced
and run nbd_config_put to disconnect the nbd device totally.
4. Start another process to open the nbd_device, config_refs
will increase and at the same time disconnect it.
To fix it, add a NBD_HAS_STARTED flag. Set it in nbd_start_device_ioctl
and nbd_genl_connect if nbd device is started successfully.
Clear it in nbd_config_put. Test it in nbd_genl_disconnect and
nbd_genl_reconfigure.
Signed-off-by: Sun Ke <sunke32@huawei.com>
---
drivers/block/nbd.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index b4607dd96185..ddd364e208ab 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -83,6 +83,7 @@ struct link_dead_args {
#define NBD_DESTROY_ON_DISCONNECT 0
#define NBD_DISCONNECT_REQUESTED 1
+#define NBD_HAS_STARTED 2
struct nbd_config {
u32 flags;
@@ -1215,6 +1216,7 @@ static void nbd_config_put(struct nbd_device *nbd)
nbd->disk->queue->limits.discard_alignment = 0;
blk_queue_max_discard_sectors(nbd->disk->queue, UINT_MAX);
blk_queue_flag_clear(QUEUE_FLAG_DISCARD, nbd->disk->queue);
+ clear_bit(NBD_HAS_STARTED, &nbd->flags);
mutex_unlock(&nbd->config_lock);
nbd_put(nbd);
@@ -1290,6 +1292,8 @@ static int nbd_start_device_ioctl(struct nbd_device *nbd, struct block_device *b
ret = nbd_start_device(nbd);
if (ret)
return ret;
+ else
+ set_bit(NBD_HAS_STARTED, &nbd->flags);